Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming

"Adrian Farrel" <adrian@olddog.co.uk> Wed, 11 December 2019 22:10 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 930111208A0; Wed, 11 Dec 2019 14:10:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtupWXSSV824; Wed, 11 Dec 2019 14:10:15 -0800 (PST)
Received: from mta7.iomartmail.com (mta7.iomartmail.com [62.128.193.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB05F12012A; Wed, 11 Dec 2019 14:10:14 -0800 (PST)
Received: from vs3.iomartmail.com (vs3.iomartmail.com [10.12.10.124]) by mta7.iomartmail.com (8.14.4/8.14.4) with ESMTP id xBBMA9v1009593; Wed, 11 Dec 2019 22:10:09 GMT
Received: from vs3.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 009DD2203A; Wed, 11 Dec 2019 22:10:09 +0000 (GMT)
Received: from asmtp1.iomartmail.com (unknown [10.12.10.248]) by vs3.iomartmail.com (Postfix) with ESMTPS id DF50822032; Wed, 11 Dec 2019 22:10:08 +0000 (GMT)
Received: from LAPTOPK7AS653V ([84.93.96.25]) (authenticated bits=0) by asmtp1.iomartmail.com (8.14.4/8.14.4) with ESMTP id xBBMA7ia008954 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 11 Dec 2019 22:10:08 GMT
Reply-To: <adrian@olddog.co.uk>
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Pablo Camarillo \(pcamaril\)'" <pcamaril@cisco.com>, <bruno.decraene@orange.com>, "'SPRING WG List'" <spring@ietf.org>
Cc: "'draft-ietf-spring-srv6-network-programming'" <draft-ietf-spring-srv6-network-programming@ietf.org>
References: <17421_1575566127_5DE93B2F_17421_93_1_53C29892C857584299CBF5D05346208A48D1A3DA@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <035701d5ac4d$a3ea7ad0$ebbf7070$@olddog.co.uk> <0CB8E109-95E3-4A75-BCEF-1186817F68CE@cisco.com>
In-Reply-To: <0CB8E109-95E3-4A75-BCEF-1186817F68CE@cisco.com>
Date: Wed, 11 Dec 2019 22:10:06 -0000
Organization: Old Dog Consulting
Message-ID: <062c01d5b06f$bf4b76f0$3de264d0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKiVutP/sPEol3Kl3K9aNZrJmBKoAKU5q/XAgYPVnGl90DuoA==
Content-Language: en-gb
X-Originating-IP: 84.93.96.25
X-Thinkmail-Auth: adrian@olddog.co.uk
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-25098.003
X-TM-AS-Result: No--24.353-10.0-31-10
X-imss-scan-details: No--24.353-10.0-31-10
X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-25098.003
X-TMASE-Result: 10--24.353100-10.000000
X-TMASE-MatchedRID: IeZYkn8zfFqyoI+bK8UPQnFPUrVDm6jtkCg/YobsR89IXJo+eGm+FFto Nq9iyPJtuGG+nLBngZeJRTIjsn2aGCXWu5LW+2sl5QQLnsWjG3Sm8MsuWwAf/dZd/DOmlnxIN7M qUQWEZrpffzU9brcHlFjS6cWqa6eCYwXAgt8PtiA1Pd2wRvpA9/90rolpyAS7r1uVaZUKda9Kb8 bIfVVvJRBFSdHtKk3VwNmWlN1avurbyTIM6I9x1spdsi/eZA1jWw/S0HB7eoO/md2adk3dROf0Q jjOEQY7nalApy/4zI3tUflBz+1y0vvYM+XnB5CTmvnKSb020hzjZOj64c0Q9nxbHSW75UstI1Eq UsnvZrAiQx+bdkPea78TAp4or9RpLQ01E4gfNkpfYa9W9OjitT17tS9vI0pxXZgp9Jjp/Mw2xNN cXVQ8wHONz4/Zu+jMnvIyWp08/uLyzTQFi0yHB5dn0VaVcqOkNGzPoDPB/1KZfDRE1uqSgvpBHO NPDWjK8a9FfTFXt2mcLCy/JTHgBWuLVqqROolwN19PjPJahlJMkOX0UoduuS6tRzC7Nk0T+EbGa y2Ctfw4Awd6AhSPbyd6jyZJF/niENBehitButjQDP6prYKgCk8S+VNhFmpb2pSaXhW9wNiK3/8B y6P4qMQpCgC/PGei3Q+GRZGPqxEuZDeNnIwVU3E8DpquRinQoiKTb964zHWJvhiXDSn8JyRE1l/ 6SnLO2aMP/NeENdX13WTRxcDUK4VVY0f2VRT1+NCQDut0K4UR5c83KIxTTpm3TxN83Lo4HGmALP PxeteSQnyAXGGW2MYZiDeZNITJW94CTTo5IqyeAiCmPx4NwFkMvWAuahr8m5N2YHMD0b8MyrfP9 j+C1d934/rDAK3zUc1+O1X9AzE=
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/nFEVCec982Oiki6yf7QV8OdGs8c>
Subject: Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2019 22:10:19 -0000

Hi Pablo,

Very good progress. Thanks for the work.

I have snipped down to the conversation points below.

The document has gone through a lot of changes in -06 and clearly there is a -07 in the pipe. I'll wait for that before doing a re-read.

Best,
Adrian

[snip]

>> Another 'normal' thing to do is check that the draft follows the
>> editorial guidelines from the RFC Editor. Most notable is that the
>> Requirements Language text should be moved into section 2.1.
>
> PC: Moved into 2.1.
> Just for my knowledge, why should it be moved into 2.1 and not into 1.1?
 
1.1 would be acceptable, but since 2. Is all about terminology and stuff, it sits there quite well.

[snip]

>> I think you could usefully spend some time describing the classes of
>> behaviors. Notably "End behaviors" and "Transit behaviors". This would
>> go as a new section before section 4.
>> 
>> You can describe how/where in the network the behaviors are executed,
>> and you can describe whether the behaviors are bound to specific SIDs
>> (SID types) or not.
>> 
>> The, probably, rename section 4 to "End behaviors" which keeps it 
>> aligned with the name of section 5.
>> 
> PC: The SRH draft is defining the different types of nodes accurately. 
> (Transit node, Source SR node, SR Endpoint).

I have no issue with the definition of nodes (other than the way the concept is used in section 5).

> This draft has
>
> Section1:
>   Familiarity with the Segment Routing Header
>   [I-D.ietf-6man-segment-routing-header] is assumed.

Sure.

> Section 5:
>   These
>   behaviors are not bound to a SID and they correspond to source SR
>   nodes or transit nodes [I-D.ietf-6man-segment-routing-header].
>
> Don’t you think that is enough?

Well, obviously I found it unclear. In fact, section 4 had (at the time of my review) "Behaviors Associated with a SID" and I think I struggled with how "associated with" was different to "bound to".

But now you have renamed section 4, this helps.

Nevertheless, in Section 2 you have:
   SRv6 segment behavior: A packet processing behavior executed at an
   SRv6 segment endpoint.  Section 4 of this document defines behaviors
   related to traffic-engineering and overlay use-cases.  Other
   behaviors (e.g. service programming) are outside the scope of this
   document.

This must have confused me, too. Looking at it now, it seems to constrain "behaviour" to the SR Endpoint Behaviors of section 4, meaning that section 5 comes as a "surprise". Indeed, section 2 seems to say that section 5 is out of scope of this document :-Z

All I am asking for is some text early in the document that sets the scene. What is a behaviour? What classes of behaviour are we considering (end, transit, ...)? Who decides what behaviour to apply to what SID at which node? Not looking for pages of text. Probably you could do it in 5 lines.

[snip]
 
> 4.1
>
> I was surprised by...
>
>  S01. When an SRH is processed {
>  S02.   If (Segments Left == 0) {
>  S03.      Send an ICMP Parameter Problem message to the Source Address
>               Code TBD-SRH (SR Upper-layer Header Error),
>>               Pointer set to the offset of the upper-layer header,
>>               interrupt packet processing and discard the packet
>>  S04.   }
>>  S05.   If (IPv6 Hop Limit <= 1) {
>>  S06.      Send an ICMP Time Exceeded message to the Source Address,
>>               Code 0 (Hop limit exceeded in transit),
>>               interrupt packet processing and discard the packet
>>  S07.   }
>>
>> Are you sure that Hop Limit processing is left so late? Isn't it one of
>> the first things done with a packet before even the SRH is discovered to
>> be present?
>
> PC: Is there any difference on the hop limit check if I do it two lines earlier? 
> I believe that the end result is the same.
 
It makes a difference which ICMP error is sent. I would argue that you shouldn't be looking at the SRH of a packet when the Hop Limit has expired.

[snip]
 
>> 4.1 (and other sections)
>> 
>> I spent rather too much time trying to work out
>> 
>>  S08.   max_LE = (Hdr Ext Len / 2) - 1
>>  S09.   If ((Last Entry > max_LE) or (Segments Left > Last Entry+1)) {
>> 
>> As far as I can see, for an SRH,
>> 
>>   Hdr Ext Len = 7 + (16 * (Last Entry + 1) ) + sum(all TLV lengths)
>> 
>> So, while I see that you want to check that Last Entry doesn't point out
>> beyond the end of the SRH, I don't see how your computation of max_LE 
>> helps.
>> 
>> What have I missed?
> 
> PC: How do you propose to check whether Last Entry value exceeds
> the maximum possible theoretical Last Entry value?
> The only information you have is the Header Extension Length. Based
> on this I compute the maximum theoretical Last Entry possible value,
> and then just compare the values.
>
> Maybe I am the one who have missed something. If you have a simpler
> proposal please let me know.

OK, we agree that the right thing to do is work out the largest possible Last Entry value (max_LE) and compare it to the actual Last Entry value. That is good.

I also agree that all you have in hand is the Header Extension Length (Hdr Ext Len)

I just don't think that you are computing the right value for max_LE using max_LE = (Hdr Ext Len / 2) - 1.

I would agree that max_LE < (Hdr Ext Len / 2) - 1  so that comparing Last Entry with that value provides a check. I just don't think it is a very precise check.

Perhaps my understanding of the actual value of Hdr Ext Len is incorrect, but if I am right, then you could probably get closer to a good number.

[snip] 
 
>> 4.12
>> 
>> Where arguments are optional, I don't think you have made it clear what 
>> you do if no argument is supplied. I would presume you set the ARG bits
>> to zero, but I am not clear whether zero could be interpreted as a 
>> valid argument.
>
> PC: On a per deployment basis the operator decides which value of ARG represent “No arguments”.

Oh, well, I understand that the ARG bits apply to a function that is (presumably) known across the network, so I suppose that what you are saying is that when an operator deploys a function that may take arguments she must configure all participating nodes to have the same understanding of those arguments and how to set the bits when no arguments are supplied (in the case where arguments were optional for the function).

Now, it would be good to make some of that clear (perhaps in the last paragraph of 3.1).

But, we are in the business of making interoperable implementations, so this need to configure this feature needs to be spelled out.

>> 4.13
>>
>>   An End.B6.Encaps SID is never the last segment in a SID list.  Any
>>   SID instantiation must be associated with an SR Policy
>>   B[I-D.ietf-spring-segment-routing-policy] and a source address A.
> 
> This makes [I-D.ietf-spring-segment-routing-policy] a normative
> reference.
>
> PC: I disagree. Example RFC8660 (Segment Routing with the
> MPLS Data Plane).
 
It is a very different usage made in that document.
Here you are saying that an implementation of this document must do something related to [I-D.ietf-spring-segment-routing-policy].
To me, that means that you can't implement this document without reading [I-D.ietf-spring-segment-routing-policy]

[snip]

>> 4.16.1 and 4.16.2
[snip] 
>> You might want to recast PSP if its purpose is to handle "end" nodes
>> that are not SRH capable. To do this you would recast the node that you
>> have called the PSPS node as the edge of the domain (the end node) and
>> set the action as "Pop and go".
> 
> PC: This is one use-case indeed.  I don’t follow you in the notion of
> “Pop and Go”.

An MPLS concept associated with determining the forwarding behaviour, stripping the label, and forwarding.

[snip]

>> 5.1
>> 
>>   This means that N treats the following two packets P1 and P2 with the
>>   same performance:
>> 
>>      P1 = (A, S2)
>> 
>>      P2 = (A, S2)(S3, S2, S1; SL=1)
>> 
>> I don't think this is necessarily true since packet length and other 
>> things (e.g., hashing) may vary. So you either need to sharpen your
>> meaning of "performance" or just content yourself with "MUST NOT
>> examine the SRH".
>
> PC: If the SRH or anything below is not being processed, there is no
> performance impact, no? 
 
Oh, you meant "speed of throughput" not "treated identically". The use of "treats" confuses the sentence.

OK. That comes under "sharpen your meaning of performance".

Perhaps:
   This means that N forwards the following two packets P1 and P2 at the
   same rate:

?

[snip]
 
>> 5.2
>> 
>> By definition this behavior only applies at source nodes per 8402. In
>> other words, you are describing domain recursion according to 8402.
>
> PC: Not sure what resolution you are looking for here.
 
I'm not sure either 😊

I think I am wondering how you can have "Transit with Encapsulation" since "Transit" means in the middle of the network (at a transit node) and "Encapsulation" means at a source node.
If a transit node is doing encapsulation, then you are recursing (which is OK).

When I waffled about behaviors before, it seemed to me that you have source, transit, and end behaviors. What you are describing in this section is a source behaviour. The fact that the source is encapsulating a packet that is already SRv6, is not so interesting as the fact that it is encapsulating a packet.

But then see also 5.3 and this discussion below.

>> I don't think 5.4 or 5.5 can happen at transit nodes. The thing to be
>> encapsulated is an L2 frame and so is only seen at a source node.
>> 
>> At this point, I think only 5.1 describes a transit behavior. 5.2 to 5.5
>> describe source behaviors.
>
> PC: 
> There are two types of source nodes. 
> You can have a source node that is doing plain IP transit. You have a
> local policy to encapsulate all packets matching X to be steered into
> a segment routing policy with behavior T.Encaps.
> The other type of source node is the SR endpoints that instantiate a
> BindingSID. This is also an Source node that steers all packets received
> with IPv6 DA = BSID.
> Section 5 is describing transit behaviors. 

Confused me here. You say that these source nodes are transit nodes? That makes the definition of the two node types very unclear.

Just because the node is not a host does not make it a transit node. We have a good and clear definition of a transit node as a node that receives and sends an SRv6 packet. Nodes that add an SRH are source nodes. Nodes that remove the SRH are end nodes.
 
But in 5.4 the thing that is encapsulated is an L2 frame. So not plain IP transit, and not a packet received with a BSID in the DA.
At least, the text in 5.4 appears to say that.
So really, is this transit behaviour?

 
>> 6.1
>> 
>> I agree with this section, but I am concerned that you are updating 
>> draft-ietf-6man-segment-routing-header by adding normative language to
>> describe nodes that process the SRH. Does that mean you should use an
>> "Updates" clause in the document header?
>>  
>> After describing CNT-1 and CNt-2 you say...
>> 
>>   Furthermore, an SRv6 capable node maintains an aggregate counter
>>   CNT-3 tracking the IPv6 traffic that was received with a destination
>>   address matching a local interface address that is not a locally
>>   instantiated SID and the next-header is SRH with SL>0.
>> 
>> That looks like s/maintains/MUST maintain/ unless you have a reference
>> for the assertion that it does maintain CNT-3.
>
> PC: I disagree that this is an update to the SRH. The SRH defines a
> header and one type of segment processing.
> Defining a counter is not related to the SRH at all.
 
Well, perhaps you didn't just say what you meant to say because the text I quoted most clearly says that the counter is counting events related to the SRH.

But to the point: the document says...
   Any SRv6 capable node SHOULD implement the following set of combined
   counters (packets and bytes):
"Any SRv6 capable node" is clearly in the scope of draft-ietf-6man-segment-routing-header

>> 6.3
>> 
>> I think you have made [I-D.ietf-6man-spring-srv6-oam] a normative
>> reference.
> 
> PC: Why? Its defining new behaviors for the purpose of OAM, but
> those are not required in NET-PGM.

You're right. Section 6.3 doesn't actually say anything.

[snip]
 
>> 9.
>> I am strongly opposed to such a large range being assigned for
>> experimental use.  RFC 3692 gives some guidance.  The normal idea is 
>> that there should be enough codepoints to allow two experiments to be
>> run on the same nodes without conflict, but few enough that they cannot
>> be used as a proxy for allocating and registering values in the 
>> registry.
>> 
>> I should think that 32 code points is enough.
>
> PC: This comment has also been raised by Bruno (as individual). I
> agree and I have proposed to Bruno this:
>   Experimental and Private use deleted
>   Specification Required changed to FCFS as per Bruno’s suggestion
>   New block in the previous space of experimental and private that
>   is reserved for future use of IETF.

That works.
The correct language for the last block is "Reserved. Not to be allocated."
(Note for you: a future standards track document can change the allocation policy for that block meaning it can then be used.)